SB2007032001 - Gentoo update for PHP




Published: March 20, 2007
Updated: June 28, 2025

Security Bulletin ID SB2007032001
Severity High
Patch available YES
Number of vulnerabilities 13
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 15% Medium 85%

Description

This security bulletin contains information about 13 security vulnerabilities.


1) Input validation error (CVE-ID: CVE-2006-5465)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions.


2) Input validation error (CVE-ID: CVE-2007-0906)

The vulnerability allows attackers to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user functions. NOTE: vector 6 might actually be an integer overflow (CVE-2007-1885).


3) Input validation error (CVE-ID: CVE-2007-0907)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function.


4) Input validation error (CVE-ID: CVE-2007-0908)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name before a numerical variable.


5) Input validation error (CVE-ID: CVE-2007-0909)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to (1) all of the *print functions on 64-bit systems, and (2) the odbc_result_all function.


6) Input validation error (CVE-ID: CVE-2007-0910)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors.


7) Input validation error (CVE-ID: CVE-2007-0911)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service (crash).


8) Buffer overflow (CVE-ID: CVE-2007-0988)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a negative value, as demonstrated by an "a:2147483649:{" argument. Availability is also affected by the script's time-out alarm, which helps prevent infinite loops.


9) Input validation error (CVE-ID: CVE-2007-1286)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter.


10) Input validation error (CVE-ID: CVE-2007-1375)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Integer overflow in the substr_compare function in PHP 5.2.1 and earlier allows context-dependent attackers to read sensitive memory via a large value in the length argument, a different vulnerability than CVE-2006-1991.


11) Input validation error (CVE-ID: CVE-2007-1376)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x series, do not verify that their arguments correspond to a shmop resource, which allows context-dependent attackers to read and write arbitrary memory locations via arguments associated with an inappropriate resource, as demonstrated by a GD Image resource.


12) Input validation error (CVE-ID: CVE-2007-1380)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read.


13) Input validation error (CVE-ID: CVE-2007-1383)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Integer overflow in the 16 bit variable reference counter in PHP 4 allows context-dependent attackers to execute arbitrary code by overflowing this counter, which causes the same variable to be destroyed twice, a related issue to CVE-2007-1286.


Remediation

Install the update from the vendor's website.